diff options
author | bz <bz@FreeBSD.org> | 2008-01-24 08:25:59 +0000 |
---|---|---|
committer | bz <bz@FreeBSD.org> | 2008-01-24 08:25:59 +0000 |
commit | 1c376286e046dbe30549b705bd310d6218ffc824 (patch) | |
tree | 54dfe6089b6177f2bd726f05233e0c1a76433c3e /sys/netinet6/in6.c | |
parent | ca561e0217663df7e35502550d299ef5f818e4e8 (diff) | |
download | FreeBSD-src-1c376286e046dbe30549b705bd310d6218ffc824.zip FreeBSD-src-1c376286e046dbe30549b705bd310d6218ffc824.tar.gz |
Replace the last susers calls in netinet6/ with privilege checks.
Introduce a new privilege allowing to set certain IP header options
(hop-by-hop, routing headers).
Leave a few comments to be addressed later.
Reviewed by: rwatson (older version, before addressing his comments)
Diffstat (limited to 'sys/netinet6/in6.c')
-rw-r--r-- | sys/netinet6/in6.c | 20 |
1 files changed, 10 insertions, 10 deletions
diff --git a/sys/netinet6/in6.c b/sys/netinet6/in6.c index 450b130..bcb634f 100644 --- a/sys/netinet6/in6.c +++ b/sys/netinet6/in6.c @@ -401,13 +401,16 @@ in6_control(struct socket *so, u_long cmd, caddr_t data, switch (cmd) { case SIOCALIFADDR: + if (td != NULL) { + error = priv_check(td, PRIV_NET_ADDIFADDR); + if (error) + return (error); + } + return in6_lifaddr_ioctl(so, cmd, data, ifp, td); + case SIOCDLIFADDR: - /* - * XXXRW: Is this checked at another layer? What priv to use - * here? - */ if (td != NULL) { - error = suser(td); + error = priv_check(td, PRIV_NET_DELIFADDR); if (error) return (error); } @@ -500,12 +503,9 @@ in6_control(struct socket *so, u_long cmd, caddr_t data, ifra->ifra_addr.sin6_len != sizeof(struct sockaddr_in6)) return (EAFNOSUPPORT); - /* - * XXXRW: Is this checked at another layer? What priv to use - * here? - */ if (td != NULL) { - error = suser(td); + error = priv_check(td, (cmd == SIOCDIFADDR_IN6) ? + PRIV_NET_DELIFADDR : PRIV_NET_ADDIFADDR); if (error) return (error); } |